|
|
9742fa |
From 678ef82dd5608439c9a4222c594ab66d69009f06 Mon Sep 17 00:00:00 2001
|
|
|
91b2d5 |
From: Sergio Correia <scorreia@redhat.com>
|
|
|
91b2d5 |
Date: Fri, 29 Oct 2021 12:04:46 -0300
|
|
|
91b2d5 |
Subject: [PATCH 3/3] systemd: account for unlocking failures in
|
|
|
91b2d5 |
clevis-luks-askpass (#343)
|
|
|
91b2d5 |
|
|
|
91b2d5 |
As unlock may fail for some reason, e.g. the network is not up yet,
|
|
|
91b2d5 |
one way cause problems would be to add extra `rd.luks.uuid' params
|
|
|
91b2d5 |
to the cmdline, which would then cause such devices to be unlocked
|
|
|
91b2d5 |
in early boot. If the unlocking fail, those devices might not be
|
|
|
91b2d5 |
accounted for in the clevis_devices_to_unlock() check, as it is
|
|
|
91b2d5 |
based on crypttab.
|
|
|
91b2d5 |
|
|
|
91b2d5 |
Let's make sure there are no pending ask.* sockets waiting to be
|
|
|
91b2d5 |
answered, before exiting.
|
|
|
91b2d5 |
|
|
|
91b2d5 |
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1878892
|
|
|
91b2d5 |
---
|
|
|
91b2d5 |
src/luks/systemd/clevis-luks-askpass | 5 ++++-
|
|
|
91b2d5 |
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
91b2d5 |
|
|
|
91b2d5 |
diff --git a/src/luks/systemd/clevis-luks-askpass b/src/luks/systemd/clevis-luks-askpass
|
|
|
91b2d5 |
index 285bba4..f19671f 100755
|
|
|
91b2d5 |
--- a/src/luks/systemd/clevis-luks-askpass
|
|
|
91b2d5 |
+++ b/src/luks/systemd/clevis-luks-askpass
|
|
|
91b2d5 |
@@ -67,8 +67,11 @@ while true; do
|
|
|
91b2d5 |
done
|
|
|
91b2d5 |
|
|
|
91b2d5 |
[ "${loop}" != true ] && break
|
|
|
91b2d5 |
+
|
|
|
91b2d5 |
# Checking for pending devices to be unlocked.
|
|
|
91b2d5 |
- if remaining=$(clevis_devices_to_unlock) && [ -z "${remaining}" ]; then
|
|
|
91b2d5 |
+ remaining_crypttab=$(clevis_devices_to_unlock) ||:
|
|
|
91b2d5 |
+ remaining_askfiles=$(ls "${path}"/ask.* 2>/dev/null) ||:
|
|
|
91b2d5 |
+ if [ -z "${remaining_crypttab}" ] && [ -z "${remaining_askfiles}" ]; then
|
|
|
91b2d5 |
break;
|
|
|
91b2d5 |
fi
|
|
|
91b2d5 |
|
|
|
91b2d5 |
--
|
|
|
91b2d5 |
2.33.1
|
|
|
91b2d5 |
|